
Android Application Secure Design/Secure Coding Guidebook PDF

452 Pages·2014·5.75 MB·English
by OkuyamaKen

Preview Android Application Secure Design/Secure Coding Guidebook

Android Application Secure Design/Secure Coding Guidebook
July 1st, 2014 Edition
Japan Smartphone Security Association (JSSEC) Secure Coding Group
Document control number: JSSEC-TECA-SC-GD20140701BE

- The content of this guide is up to date as of the time of publication, but standards and environments are constantly evolving. When using sample code, make sure you are adhering to the latest coding standards and best practices.
- JSSEC and the writers of this guide are not responsible for how you use this document. Full responsibility lies with you, the user of the information provided.
- Android™ is a trademark or a registered trademark of Google Inc. The company names, product names and service names appearing in this document are generally the registered trademarks or trademarks of their respective companies. Further, the registered trademark ®, trademark (TM) and copyright © symbols are not used throughout this document.
- Parts of this document are copied from or based on content created and provided by Google, Inc. They are used here in accordance with the provisions of the Creative Commons Attribution 3.0 License.

Android Application Secure Design/Secure Coding Guidebook July 1st, 2014 Edition http://www.jssec.org/dl/android_securecoding_en.pdf

Android Application Secure Design/Secure Coding Guidebook
- Beta version -
July 1st, 2014
Japan Smartphone Security Association Secure Coding Group

Index

1. Introduction
  1.1. Building a Secure Smartphone Society
  1.2. Timely Feedback on a Regular Basis Through the Beta Version
  1.3. Usage Agreement of the Guidebook
  1.4. Correction articles of April 1 2014 edition
2. Composition of the Guidebook
  2.1. Developer's Context
  2.2. Sample Code, Rule Book, Advanced Topics
  2.3. The Scope of the Guidebook
  2.4. Literature on Android Secure Coding
  2.5. Steps to Install Sample Codes into Eclipse
3. Basic Knowledge of Secure Design and Secure Coding
  3.1. Android Application Security
  3.2. Handling Input Data Carefully and Securely
4. Using Technology in a Safe Way
  4.1. Creating/Using Activities
  4.2. Receiving/Sending Broadcasts
  4.3. Creating/Using Content Providers
  4.4. Creating/Using Services
  4.5. Using SQLite
  4.6. Handling Files
  4.7. Using Browsable Intent
  4.8. Outputting Log to LogCat
  4.9. Using WebView
5. How to use Security Functions
  5.1. Creating Password Input Screens
  5.2. Permission and Protection Level
  5.3. Add In-house Accounts to Account Manager
  5.4. Communicating via HTTPS
  5.5. Handling privacy data
  5.6. Using Cryptography
6. Difficult Problems
  6.1. Risk of Information Leakage from Clipboard

All rights reserved © Japan Smartphone Security Association. Building a Secure Smartphone Society

Revision history

Date        Revised contents
2014-04-01  - Initial English Edition
2014-07-01  - Added new articles below
              - 5.5 Handling privacy data
              - 5.6 Using Cryptography
            - New editions of the guidebook updated based on public opinions and comments.

- Published by -
Japan Smartphone Security Association Secure Coding Group, Application Working Group, Smartphone Technology Committee

Leader
  Masaru Matsunami - Sony Digital Network Applications, Inc.
Member
  Tohru Ohzono - Cisco Systems, Inc.
  Shigeru Yatabe - Cisco Systems, Inc.
  Keisuke Takemori - KDDI CORPORATION
  Takamasa Isohara - KDDI CORPORATION
  Naonobu Yatsukawa - Nihon Unisys, Ltd.
  Shigenori Takei - NTT Software Corporation
  Masahiro Kasahara - SoftBank Mobile Corp.
  Eiji Hoshimoto - Software Research Associates, Inc.
  Tsutomu Kumazawa - Software Research Associates, Inc.
  Akira Ando - Sony Digital Network Applications, Inc.
  Ken Okuyama - Sony Digital Network Applications, Inc.
  Setsuko Kaji - Sony Digital Network Applications, Inc.
  Taeko Ito - Sony Digital Network Applications, Inc.
  Yoshinori Kataoka - Sony Digital Network Applications, Inc.
  Eiji Shimano - Tao Software, Inc.
  Gaku Taniguchi - Tao Software, Inc.
  Michiyoshi Sato - Tokyo System House Co., Ltd.
(In no particular order)

- Authors of April 1, 2014 English Edition -

Leader
  Masaru Matsunami - Sony Digital Network Applications, Inc.
Member
  Tomoyuki Hasegawa - Android Security Japan
  Mayumi Nishiyama - BJIT Inc.
  Tohru Ohzono - Cisco Systems, Inc.
  Masaki Kubo - Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
  Daniel Burrowes, Zachary Mathis - Kobe Digital Labo Inc.
  Renta Futamura - NextGen, Inc.
  Naonobu Yatsukawa - Nihon Unisys, Ltd.
  Shigenori Takei - NTT Software Corporation
  Ikuya FUkumono, Tsutomu Kumazawa - Software Research Associates, Inc.
  Akira Ando, Hiroko Nakajima, Ken Okuyama, Satoshi Fujimura, Setsuko Kaji, Taeko Ito, Yoshinori Kataoka - Sony Digital Network Applications, Inc.
  Hidenori Yamaji, Takuya Nishibayashi - Sony Mobile Communications Inc.
  Koji Isoda - Symantec Japan, Inc.
  Gaku Taniguchi - Tao Software, Inc.
  Michiyoshi Sato - Tokyo System House Co., Ltd.
(In no particular order)

- Authors of April 1, 2013 Japanese Edition -

Leader
  Masaru Matsunami - Sony Digital Network Applications, Inc.
Member
  Masaomi Adachi, Tomoyuki Hasegawa - Android Security Japan
  Yuki Abe, Tomomi Oouchi, Tsutomu Kumazawa, Toshimi Sawada, Kiyoshi Hata, Youichi Higa, Yuu Fukui, Ikuya Fukumoto, Eiji Hoshimoto, Shun Yokoi, Takakazu Yoshizawa - Software Research Associates, Inc.
  Takeshi Fujiwara - NRI SecureTechnologies, Ltd.
  Shigenori Takei - NTT Software Corporation
  Masaki Kubo, Hiroshi Kumagai, Yozo Toda - Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
  Tohru Ohzono, Shigeru Yatabe - Cisco Systems, Inc.
  Toru Asano, Akira Ando, Ryohji Ikebe, Jun Ogiso, Ken Okuyama, Yoshinori Kataoka, Muneaki Nishimura, Koji Furusawa, Kenji Yamaoka - Sony Digital Network Applications, Inc.
  Gaku Taniguchi - Tao Software, Inc.
  Naonobu Yatsukawa - Nihon Unisys, Ltd.
(In no particular order)

- Authors of November 1, 2012 Japanese Edition -

Leader
  Masaru Matsunami - Sony Digital Network Applications, Inc.
Member
  Katsuhiko Sato, Nakaguchi Akihiko - Android Security Japan
  Tomomi Oouchi, Naoyuki Ohira, Tsutomu Kumazawa, Miki Sekikawa, Seigo Nakano, Youichi Higa, Ikuya Fukumoto, Eiji Hoshimoto, Shoichi Yasuda, Tadayuki Yahiro, Takakazu Yoshizawa - Software Research Associates, Inc.
  Shigenori Takei - NTT Software Corporation
  Keisuke Takemori - KDDI CORPORATION
  Masaki Kubo, Hiroshi Kumagai, Yozo Toda - Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
  Tohru Ohzono, Shigeru Yatabe - Cisco Systems, Inc.
  Toru Asano, Akira Ando, Ryohji Ikebe, Shigeru Ichikawa, Mitake Ohtani, Jun Ogiso, Ken Okuyama, Yoshinori Kataoka, Ikue Sato, Muneaki Nishimura, Kazuo Yamaoka, Takeru Kikkawa - Sony Digital Network Applications, Inc.
  Gaku Taniguchi, Eiji Shimano, Hisao Kitamura - Tao Software, Inc.
  Takao Yamakawa - Japan Online Game Association
  Masaki Ishihara, Yasuaki Mori - Nippon System Kaihatsu Co., Ltd.
  Naonobu Yatsukawa - Nihon Unisys, Ltd.
  Shigeki Fujii - UNIADEX, Ltd.
(In no particular order)

- Authors of June 1, 2012 Japanese Edition -

Leader
  Masaru Matsunami - Sony Digital Network Applications, Inc.
Member
  Katsuhiko Sato - Android Security Japan
  Tomomi Oouchi, Youichi Higa, Eiji Hoshimoto - Software Research Associates, Inc.
  Shigenori Takei - NTT Software Corporation
  Masaki Kubo, Hiroshi Kumagai, Yozo Toda - Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
  Tohru Ohzono, Shigeru Yatabe - Cisco Systems, Inc.
  Yoichi Taguchi - System House. ING Co., Ltd.
  Masahiko Sakamoto - Secure Sky Technology, Inc.
  Akira Ando, Shigeru Ichikawa, Ken Okuyama, Ikue Sato, Muneaki Nishimura, Kazuo Yamaoka - Sony Digital Network Applications, Inc.
  Hidehira Kuranaga - Daiwa Institute of Research Holdings Ltd.
  Gaku Taniguchi, Eiji Shimano, Hisao Kitamura - Tao Software, Inc.
  Michiyoshi Sato - Tokyo System House Co., Ltd.
  Masakazu Hattori - Trend Micro Incorporated.
  Naonobu Yatsukawa - Nihon Unisys, Ltd.
  Masaaki Chida - NetAgent Inc.
  Shigeki Fujii - UNIADEX, Ltd.
(In no particular order)

Description:
Android Application Secure Design/Secure Coding Guidebook. July 1st, 2014 Edition. Japan Smartphone Security Association (JSSEC) Secure Coding Group.
